Enhancing domain knowledge-based automatic vulnerability discovery (Korean title: A study on improving domain knowledge-based automatic vulnerability detection)

DC Field | Value | Language
dc.contributor.advisor | Kim, Yongdae | -
dc.contributor.advisor | 김용대 | -
dc.contributor.advisor | Yun, Insu | -
dc.contributor.advisor | 윤인수 | -
dc.contributor.author | Han, HyungSeok | -
dc.date.accessioned | 2023-06-23T19:34:45Z | -
dc.date.available | 2023-06-23T19:34:45Z | -
dc.date.issued | 2023 | -
dc.identifier.uri | http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=1030602&flag=dissertation | en_US
dc.identifier.uri | http://hdl.handle.net/10203/309285 | -
dc.description | Thesis (Ph.D.) - Korea Advanced Institute of Science and Technology (KAIST): Graduate School of Information Security, 2023.2, [v, 86 p.] | -
dc.description.abstract | Recently, there has been much research on improving automatic vulnerability discovery (e.g., fuzzing and static analysis) by leveraging domain knowledge. Although most of this work has focused on which domain knowledge to leverage, this dissertation shows that considering how to apply and represent domain knowledge also helps to enhance domain knowledge-based automatic vulnerability discovery. First, we utilize more domain knowledge. We extend previous JavaScript engine fuzzing, which uses only JavaScript syntax, to leverage a JavaScript type system and show the effectiveness of our approach. Second, we apply domain knowledge in a more advanced way. In particular, we improve tools for finding a class of use-after-free bugs caused by compacting garbage collection. To that end, we precisely define these use-after-free bugs and implement a new tool with tailored symbolic execution, which found bugs that previous tools missed. Lastly, we enhance extensible static binary checking tools, which take domain knowledge as vulnerability patterns, through an analyst-friendly representation of domain knowledge. Previous tools only support patterns based on their own low-level intermediate representations, while most analysts work with decompiled code, which has high-level information such as value types. We thus propose an extensible static checking tool based on decompiled code, which can support diverse patterns and find several bugs in COTS binaries such as the Windows kernel. | -
dc.language | eng | -
dc.publisher | Korea Advanced Institute of Science and Technology (KAIST) | -
dc.subject | Automatic vulnerability discovery; Fuzzing; Static analysis; Domain knowledge | -
dc.subject | Automatic vulnerability detection; Fuzzing; Static analysis; Domain knowledge | -
dc.title | Enhancing domain knowledge-based automatic vulnerability discovery | -
dc.title.alternative | A study on improving domain knowledge-based automatic vulnerability detection | -
dc.type | Thesis(Ph.D) | -
dc.identifier.CNRN | 325007 | -
dc.description.department | Korea Advanced Institute of Science and Technology (KAIST): Graduate School of Information Security | -
dc.contributor.alternativeauthor | 한형석 | -
Appears in Collection
IS-Theses_Ph.D. (Doctoral theses)
Files in This Item
There are no files associated with this item.
